package tmt.usercenter.web.configure.security;

import com.tmt.annotation.ResourceIdDescriptor;
import com.tmt.annotation.ScopeDescriptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

@Configuration
@EnableResourceServer
@ScopeDescriptor(value = "external", title = "为第三方提供的调用接口", description = "为第三方提供的调用接口", order = 1, defaultSelected = true)
public class LogoutNotifyRSConfiguration extends ResourceServerConfigurerAdapter {

	@ResourceIdDescriptor(title = "客户端登出通知", description = "当客户端本地登出时，通过调用本接口通知服务器", order = 1, scope = {"logout"})
	public static final String RESOURCE_ID = "logout_notify";

	@Override
	public void configure(HttpSecurity http) throws Exception {
		http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
				.and()
				.authorizeRequests()
				.antMatchers("/external/logout**").permitAll()
				.antMatchers("/external/**")
				.authenticated()
		/**
		 * 以下可以控制客户端必须具备的SCOPE
		 */
		//.access("#oauth2.hasScope('write')");
		;
	}

	@Override
	public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
		resources.resourceId(RESOURCE_ID);
	}
}
